redline | eabd4e635e4467b6e7bed1b5c75455e34a5ace26a27fe9a9de6421e06b423106

Analysis

max time kernel
134s
max time network
146s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
30/10/2023, 01:26

Target

4adc85f7e83346a5301ee658eeef247c.exe
Size

223KB
MD5

4adc85f7e83346a5301ee658eeef247c
SHA1

6ab667cfb05614666666f766c7920933b63d8ce9
SHA256

eabd4e635e4467b6e7bed1b5c75455e34a5ace26a27fe9a9de6421e06b423106
SHA512

ea4a535814c0317fb6d309dd8151384104018e55b847d1d327780f108702d1e81a8a84a277319d7e0f2615c8d4e2d2e78c712c61ddd17c82f398982ff9c66d10
SSDEEP

3072:TtJXRMeZYncNgckxQdxCr1d2t/q5yoQVZL53pRzzXZQAZ:TJMeucNgckedxCDo/doQVZdZRzzXZQ

Score

10^/10

Family

redline

Botnet

kukish

77.91.124.55:19071

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 2 IoCs

resource	yara_rule
behavioral1/memory/852-0-0x0000000000BC0000-0x0000000000BFE000-memory.dmp	family_redline
behavioral1/memory/852-2-0x00000000070D0000-0x0000000007110000-memory.dmp	family_redline

C:\Users\Admin\AppData\Local\Temp\4adc85f7e83346a5301ee658eeef247c.exe
"C:\Users\Admin\AppData\Local\Temp\4adc85f7e83346a5301ee658eeef247c.exe"
1⤵
PID:852

memory/852-0-0x0000000000BC0000-0x0000000000BFE000-memory.dmp

Filesize
248KB

Download
memory/852-1-0x0000000073FE0000-0x00000000746CE000-memory.dmp

Filesize
6.9MB

Download
memory/852-2-0x00000000070D0000-0x0000000007110000-memory.dmp

Filesize
256KB

Download
memory/852-3-0x0000000073FE0000-0x00000000746CE000-memory.dmp

Filesize
6.9MB

Download
memory/852-4-0x00000000070D0000-0x0000000007110000-memory.dmp

Filesize
256KB

Download